On 15th August, a German security journalist Ronald Eikenberg reported a security flaw in the Kaspersky antivirus software. This flaw could have leaked data of millions of Kaspersky users worldwide.
According to the report, Kaspersky antivirus leaves a unique identifier into the HTML source code of each website a user visited. The unique identifier or Kaspersky ID left behind can be very easily read by other scripts running in the context of the website domain. The same Kaspersky ID can be used to keep track of their victim. The worse part is that the hackers can track the Kaspersky users even if the user uses other browsers or browsing in an incognito mode.
The company later reported that their Antivirus products are not compatible with TOR browser, so the reported flaw doesn’t exist in this browser.
Universally Unique Identifier (UUID) which Ronald Eikenberg discovered on computer systems having Kaspersky antivirus software installed was present on any website he visited. The unique ID can be seen below in bold letters present in the javaScript.
<script type=”text/javascript” src=”https://gc.kis.v2.scr.kaspersky-labs.com/9344FDA7-AFDF-4BA0-A915-4D7EEB9A6615/main.js” charset=”UTF-8″></script>
The same ID was seen in every browser he used such as Firefox, Google Chrome, Microsoft Edge and Opera. Ronald writes, “Without exception, even on the website of my bank, a script from Kaspersky was introduced”.
The company after getting reported about the flaw said that the users using Kaspersky 2016 editions for the last four years were vulnerable to this flaw. All the products of Kaspersky were affected including Kaspersky Internet Security, Kaspersky Total Security, and all the free versions.
However, the company released an update back in June 2019 to fix this flaw and issued an advisory a month later. Kaspersky thanked Ronald for reporting the flaw and made clear that this hack was highly unlikely to happen due to the complexity and low profitability for the hackers.
